Role in IT decision-making process:Align Business & IT GoalsCreate IT StrategyDetermine IT NeedsManage Vendor RelationshipsEvaluate/Specify Brands or VendorsOther RoleAuthorize PurchasesNot Involved

Work Phone:

Company:

Company Size:

Industry:

Street Address

City:

Zip/postal code

State/Province:

Country:

Occasionally, we send subscribers special offers from select partners. Would you like to receive these special partner offers via e-mail?YesNo

Your registration with Eweek will include the following free email newsletter(s):News & Views

By submitting your wireless number, you agree that eWEEK, its related properties, and vendor partners providing content you view may contact you using contact center technology. Your consent is not required to view content or use site features.

By clicking on the "Register" button below, I agree that I have carefully read the Terms of Service and the Privacy Policy and I agree to be legally bound by all such terms.

Desktop Search: The Ultimate Security Hole?

While uncovering lost e-mails or past Web page visits may appeal to some users, analysts are warning enterprises that desktop search makes it possible to reveal personal and confidential information on corporate computers.

Desktop-search tools have become one of the industrys hottest trends, promising to extend the ease of searching for Web pages to the finding of hard-drive files and data.

While end-users may jump at the chance to uncover their lost e-mails or past Web page visits, analysts and IT executives are warning enterprises to think twice about desktop search because of its potential to reveal personal and confidential information on corporate computers.

The problem, they say, isnt necessarily the technology behind desktop search, but rather the unintended consequences of being able to instantly locate previously hard-to-find data such as e-mails and cached Web pages.

The retrieval of Web history is the biggest cause for concern, said Timothy Hickernell, a vice president at IT research company The META Group Inc. Hickernell issued a client advisory last month warning IT departments about the risks of desktop search.

In particular, Googles desktop search client, released in a beta in October, can index cached Web pages, including pages from secure sites that display corporate data from Web-based enterprise applications or personal information such as financial-services accounts and medical records.

Microsoft Corp.s MSN division and Ask Jeeves Inc. both have said they plan to launch desktop search products this month. Yahoo Inc. and America Online Inc. also are working on a desktop search offerings.

"Theres no way IT is going to stop this," Hickernell said. "For power users in particular, this is a valuable tool.

"We are not recommending that IT outright ban the tools but that departments have to test the tools, get out ahead of this trend and understand what the tools are doing in their own corporate desktop environment."

One Silicon Valley hospital and medical group went so far as to warn the users of its online medical records system about the risks of Google Desktop Search.

The Palo Alto Medical Foundation issued an advisory within weeks of the Google Desktop Search release after IT officials realized that the search tool, by default, would index the encrypted Web pages from its patient system called PAMFOnline, said Dr. Paul Tang, the medical groups chief medical information officer.

"When I downloaded desktop search, it dawned on me that its very powerful but sounds like it could also be accessing caches for things you may not want to be findable," Tang said.

Rather than telling users not to install Google Desktop Search, the hospital explained in its advisory how users could changes the tools settings to ensure that encrypted Web pages (HTTPs), such as those served by its medical-records system, were excluding from searches, Tang said.

"I like Google a whole lot, but this was just a matter of trying to keep people informed of the other potential implications [of desktop search]," Tang said.

By submitting your information, you agree that eweek.com may send you eWEEK offers via email, phone and text message, as well as email offers about other products and services that eWEEK believes may be of interest to you. eWEEK will process your information in accordance with the Quinstreet Privacy Policy.

We ran into a problem

We already have your email address on file. Please use the "Forgot your password?" link to create a password, validate your email and login.